Info

Disclosure

Oct 22, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cups contains a flaw that may allow a malicious user to view plaintext usernames and passwords, both in the error log and the process list of the affected system. The issue is triggered when a user is authenticated via Samba. It is possible that the flaw may allow users to discover passwords, resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.1.22rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Easy Software Products	CUPS	1.1.21x
		1.1.20x
		1.1.1x
		1.1.x

References

Secunia Advisory ID: 12924 12950
CVE ID: 2004-0923 (see also: NVD)
Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-543.html
Vendor Specific News/Changelog Entry: http://www.cups.org/str.php?L920
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:116

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Easy Software Products

CUPS

References

Credit